DETAILED ACTION

This action is responsive to the response to the arguments filed January 2, 2008. Claims 
1-28, 34-42, 44-53 are pending. 



Claim Rejections - 35 USC § 102 

1. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by another filed 
in the United States before the invention by the applicant for patent or (2) a patent granted on an application for 
patent by another filed in the United States before the invention by the applicant for patent, except that an 
international application filed under the treaty defined in section 351(a) shall have the effects for purposes of this 
subsection of an application filed in the United States only if the international application designated the United 
States and was published under Article 21(2) of such treaty in the English language. 

2. Claims 1-16, 18-28, 34-40, 42, and 44-53 are rejected under 35 U.S.C. 102(e) as being 
anticipated by Win et al. US Patent No. 6,182,142. Win teaches the invention as claimed 
including access and registry servers to provide secure access to clients (see abstract). 

As per claims 1, 34 and 39 Win et al. teaches a method, system and computer-executable 
program code for accessing resources on a private network via an intermediary server said 
method comprising: 

receiving a login request from a user for access to the intermediary server (user login to 
Access Server (106) column 6, lines 6-24, column 9, lines 45-67);

authenticating the user in response to the login request (Authentication Client Module
authenticates user by verifying user login with Registry Server (108), column 6, lines 49-51); 

receiving a resource request from the authenticated user at the intermediary server, the 
resource request requesting a particular operation with respect to a resource from the private 
network (User selects resource to be accessed from protected server (112), column 6, lines 16- 
24, lines 65-67); 

obtaining access privileges for the authenticated user in response to the resource request 
(cookie sent to browser with access privileges; column 8, lines 56-67); 

determining whether the access privileges for the authenticated user permit the 
authenticated user to perform the particular operation at the private network (Access Server 
decrypts "roles cookie" to determine privileges Figure 3 (320), column 8, lines 56-67), and

preventing, by the intermediary server, performance of the particular operation at the 
private network if the access privileges for the authenticated user do not permit the authenticated 
user to perform the particular operation at the private network (Access restricted (322)). 

As per claims 19 and 44, Win et al. teaches a method for providing remote access to a 
private network via an intermediary server, said method comprising: 

receiving a login request from a remote user for access to the intermediary server (user 
login to Access Server (106) column 6, lines 6-24, column 9, lines 45-67); 

determining whether the remote user is permitted access to the intermediary server based 
on the login request (Authentication Client Module authenticates user by verifying user login 
with Registry Server (108), column 6, lines 49-51);

granting the remote user access to the intermediary server if remote user is permitted
access to the intermediary server, the granted access carrying access privileges to a portion of the
private network (Access Server decrypts "roles cookie" to determine privileges Figure 3 (320),
column 8, lines 56-67);

receiving a resource request from the remote user at the intermediary server if the remote 
user is granted access to the intermediary server, the resource request requesting a particular 
resource on the private network (User selects resource to be accessed from protected server 
(112), column 6, lines 16-24, lines 65-67); 

determining whether the resource request from the remote user is permitted by the access 
privileges (Access Server decrypts "roles cookie" to determine privileges Figure 3 (320), column 
8, lines 56-67)

supplying the particular resource to the remote user through the intermediary server if the 
resource request from the remote user is permitted by the access privileges (Figure 3C); and 

denying the remote user from access to the particular resource by the intermediary server 
if the resource request from the remote user is not permitted by the access privileges (Access 
restricted (322)). 

As per claim 51, Win teaches an intermediary server system comprising: 

means for sending a modified resource to a client (column 8, lines 31-55); 

means for receiving a request for a resource from the client (figure 3A; column 8, lines 13-30);

means for forwarding the received request to a remote server through a private network
(column 7, lines 41-67); 

means for receiving the resource from the remote server in response to the forwarded 
request (column 8, lines 33-44); 

means for replacing a link in the received resource with a link that points to the 
intermediary server system to obtain the modified resource (column 8, lines 33-67); 

means for authenticating the client, the means for authenticating the client included in a 
device that hosts the means for sending the modified resource to the client and the means for 
receiving the request (Authentication Client Module authenticates user by verifying user login 
with Registry Server (108), column 6, lines 49-51); and 

means for controlling client access to the requested resource based on authentication 
information and access information (Access Server decrypts "roles cookie" to determine 
privileges Figure 3 (320), column 8, lines 56-67)

As per claims 2 and 35, Win et al. teaches a method as recited in claim 1, wherein the 
particular operation is one of a file access operation or an email operation (resource request 
column 6, lines 65-67) 

As per claim 3 and 36, Win et al. teaches a method as recited in claim 1 wherein said 
authenticating determines whether the user is authenticated based on an external authentication 
server (Access server (106) and registry server (108) that exchange information to authenticate a
user. Registry server (108) verifies user name and password). 

As per claim 4, Win et al. teaches a method as recited in claim 3 wherein the external 
authentication server is within the private network (Registry server (108) coupled to Access 
server (106), Figure 5A). 

As per claims 5, 37 and 52, Win et al. teaches a method as recited in claims 1, 34 and 51 
wherein the intermediary server stores the access privileges for a plurality of users (Access 
server (106) stores Authentication client module, column 6, lines 48-51).

As per claim 6, Win et al. teaches a method as recited in claim 1, wherein the
intermediary server stores an authentication identifier for each of a plurality of users, the 
authentication identifier identifying an external authentication server to be used to perform said 
authenticating (Access server (106) and registry server (108) that exchange information to 
authenticate a user. Registry server (108) verifies user name and password). 

As per claim 7, Win et al. teaches a method as recited in claim 6, wherein the external 
authentication server is within the private network (Registry server (108) coupled to Access 
server (106), Figure 5A).

As per claim 8, Win et al. teaches a method as recited in claim 7, wherein the
authentication identifier comprises a network address for the external authentication server 
(column 12, lines 26-67). 

As per claim 9, Win et al. teaches a method as recited in claim 1, wherein the resource 
request is from a client-side application running on a client machine (column 5, lines 9-15). 

As per claim 10, Win et al. teaches a method as recited in claim 9, wherein the client side 
application is one of a web browser, an email application or a file access application (column 5, 
lines 9-15). 

As per claim 11, Win et al. teaches a method as recited in claim 1, wherein the user is a 
remote user (column 5, lines 9-15). 

As per claims 12 and 38, Win et al. teaches a method as recited in claim 1, wherein the 
resource request is from a client-side application running on a remote client machine (column 5, 
lines 9-15). 

As per claim 13, Win et al. teaches a method as recited in claim 1, wherein the private 
network is an intranet or other network (column 5, lines 15-17).

As per claim 14, Win et al. teaches a method as recited in claim 1, wherein the resource
request is from a network browser (column 5, lines 9-15). 

As per claims 15 and 53, Win et al. teaches a method as recited in claims 1 and 51, 
wherein said method further comprises: performing the particular operation at the private 
network to determine a response to the resource request if the access privileges for the 
authenticated user permit the authenticated user to perform the particular operation at the private 
network (column 8, lines 56-60). 

As per claims 16 and 40, Win et al. teaches a method as recited in claims 1 and 34, 
wherein the authenticated user has an Internet Protocol (IP) address, and wherein said 
determining if the access privileges for the authenticated user permit the authenticated user to 
perform the particular operation comprises: 

determining whether the access privileges for the authenticated user permit the 
authenticated user to perform the particular operation at the private network (column 8, lines 34- 
38); and 

determining whether the IP address is authorized (column 8, lines 38-41)

As per claims 18 and 42, Win et al. teaches a method as recited in claims 17 and 40, 
wherein the access privileges comprise permitted operations, authorized IP addresses, and time-of-day
restrictions for the authenticated user (column 8, lines 34-67).

As per claims 20 and 45, Win et al. teaches a method as recited in claim 19, wherein said
supplying the particular resource comprises: 

retrieving the particular resource from a content server (column 8, lines 45-55); 

modifying at least one URL within the retrieved particular resource (column 11, lines 55- 
67); and 

sending the modified particular resource to the remote user (column 12, lines 1-10) 

As per claims 21, 23, 46 and 48 Win et al. teaches a method as recited in claim 19 
wherein said supplying the particular resource comprises: 

Obtaining a response for the particular resource (column 8, lines 1-43); 

modifying the response so that links within the response point to the intermediary server 
(column 8, lines 44-55); and

sending the modified response to the remote user (column 9, lines 6-21). 

As per claims 22 and 47, Win et al. teaches a method as recited in claim 19, wherein said 
supplying the particular resource comprises: 

determining a host name for a remote server hosting the particular resource being 
requested (column 8, lines 45-55); 

sending a request for the particular resource to the remote server based on the determined 
host name (column 11, lines 55-67); and

receiving, at the intermediary server, a response to the request from the remote server 
(column 12, lines 1-10).

As per claims 24 and 28, Win et al. teaches a method as recited in claim 19, wherein the
private network is an intranet (column 5, lines 15-17). 

As per claim 25, Win et al. teaches a method as recited in claim 19, wherein the
resource request is from a network browser (column 5, lines 9-15). 

As per claims 26 and 49, Win et al. teaches a method as recited in claims 19 and 34, 
wherein the resource request is from a client-side application operating on a remote client 
machine (column 5, lines 9-15). 

As per claims 27 and 50, Win et al. teaches a method as recited in claims 26 and 44 
wherein the client-side application is selected from the group consisting of: a web browser, an 
email application or a file access application (column 5, lines 9-15). 

As per claim 37, Win teaches a computer readable medium as recited in claim 34 wherein 
the intermediary server stores the access privileges for a plurality of users (Access server (106) 
and registry server (108) that exchange information to authenticate a user. Registry server (108) 
verifies user name and password), and 

wherein the intermediary server stores an authentication identifier for each of a plurality 
of users, the authentication identifier identifies an external authentication server to be used to 
perform authentication (Registry server (108) coupled to Access server (106), Figure 5A).

Claim Rejections - 35 USC § 103

3. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

4. Claims 17 and 41 are rejected under 35 U.S.C. 103(a) as being unpatentable over Win et
al. US Patent No. 6,182,142 in view of Coley et al. US Patent No. 5,826,014. Coley teaches the
invention as claimed including a firewall system for protecting network elements connected to a 
public network (see abstract). Win teaches the invention as claimed including access and 
registry servers to provide secure access to clients (see abstract). 

As per claims 17 and 41, Win et al. teaches a method as recited in claim 16 and 40. Win 
does not teach wherein said determining if the access privileges for the authenticated user permit 
the authenticated user to perform the particular operation further comprises: determining whether 
time-of-day restrictions are satisfied. Coley teaches wherein said determining if the access 
privileges for the authenticated user permit the authenticated user to perform the particular 
operation further comprises: determining whether time-of-day restrictions are satisfied, (column 
9, lines 61-67; column 10, lines 1-26). It would have been obvious to a person of ordinary skill 
in the art at the time of the invention to combine the profiles and roles of Win with the time of 
day restriction of Coley. A person of ordinary skill in the art would have been motivated to do
this to restrict access to the protected server (Win 112).

Response to Arguments 

5. Applicant's arguments with respect to claims 1-28, 34-42, 44-53 have been considered 
but are moot in view of the new ground(s) of rejection. 

Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to UZMA ALAM whose telephone number is (571)272-3995. The 
examiner can normally be reached on Mondays and Tuesdays 5:30-2. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ario Etienne can be reached on (571) 272-4001. The fax phone number for the
organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 



Uzma Alam 
/U. A./ 
Examiner, Art Unit 2157
March 31, 2008 

/Ario Etienne/ 

Supervisory Patent Examiner, Art Unit 2157 



